chore[notask]: release sdk + bare-sdk 0.12.3 (bump bare-fetch to ^3.0.1; dev bare-subprocess ^6.1.0)

lauripiisang · lauripiisang · commit eff687640ed5 · 2026-06-12T14:29:21.000+04:00
diff --git a/packages/bare-sdk/package.json b/packages/bare-sdk/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@qvac/bare-sdk",
-  "version": "0.12.2",
+  "version": "0.12.3",
   "license": "Apache-2.0",
   "description": "Bare-targeted slim assembly of the QVAC SDK. Consumers install only the addon packages they need and register plugins explicitly. No addon dependencies pulled in by default.",
   "repository": {
@@ -164,7 +164,7 @@
     "bare-abort-controller": "^1.0.0",
     "bare-crypto": "^1.13.4",
     "bare-events": "^2.8.0",
-    "bare-fetch": "^2.5.1",
+    "bare-fetch": "^3.0.1",
     "bare-fs": "^4.5.1",
     "bare-net": "^2.2.0",
     "bare-os": "^3.6.2",
diff --git a/packages/sdk/CHANGELOG.md b/packages/sdk/CHANGELOG.md
@@ -1,5 +1,17 @@
 # Changelog
 
+## [0.12.3]
+
+📦 **NPM:** https://www.npmjs.com/package/@qvac/sdk/v/0.12.3
+
+This is a dependency-maintenance patch. `@qvac/sdk` and `@qvac/bare-sdk` adopt `bare-fetch` 3.x and the SDK moves its dev-only `bare-subprocess` to 6.x. There are no source or public API changes.
+
+## Maintenance
+
+Bump bare-fetch to ^3.0.1 (adopt 3.x; public fetch API unchanged). Bump dev bare-subprocess to ^6.1.0.
+
+The bare-fetch 2→3 jump is a transitive-only major: the public fetch API is unchanged. The only 3.x behavior change is 3.0.1 header validation, and every SDK header construction (`new Headers({ 'User-Agent': ... })`, `append('Range', 'bytes=…')`) already builds RFC-valid headers. The bare-subprocess 5→6 bump is dev-only and affects no shipped code.
+
 ## [0.12.2]
 
 📦 **NPM:** https://www.npmjs.com/package/@qvac/sdk/v/0.12.2
diff --git a/packages/sdk/changelog/0.12.3/CHANGELOG.md b/packages/sdk/changelog/0.12.3/CHANGELOG.md
@@ -0,0 +1,7 @@
+# Changelog v0.12.3
+
+Release Date: 2026-06-12
+
+## 🔧 Maintenance
+
+- Bump bare-fetch to ^3.0.1 (adopt 3.x; public fetch API unchanged). Bump dev bare-subprocess to ^6.1.0.
diff --git a/packages/sdk/changelog/0.12.3/CHANGELOG_LLM.md b/packages/sdk/changelog/0.12.3/CHANGELOG_LLM.md
@@ -0,0 +1,11 @@
+# QVAC SDK v0.12.3 Release Notes
+
+📦 **NPM:** https://www.npmjs.com/package/@qvac/sdk/v/0.12.3
+
+This is a dependency-maintenance patch. `@qvac/sdk` and `@qvac/bare-sdk` adopt `bare-fetch` 3.x and the SDK moves its dev-only `bare-subprocess` to 6.x. There are no source or public API changes.
+
+## Maintenance
+
+Bump bare-fetch to ^3.0.1 (adopt 3.x; public fetch API unchanged). Bump dev bare-subprocess to ^6.1.0.
+
+The bare-fetch 2→3 jump is a transitive-only major: the public fetch API is unchanged. The only 3.x behavior change is 3.0.1 header validation, and every SDK header construction (`new Headers({ 'User-Agent': ... })`, `append('Range', 'bytes=…')`) already builds RFC-valid headers. The bare-subprocess 5→6 bump is dev-only and affects no shipped code.
diff --git a/packages/sdk/package.json b/packages/sdk/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@qvac/sdk",
-  "version": "0.12.2",
+  "version": "0.12.3",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",
@@ -212,7 +212,7 @@
     "bare-abort-controller": "^1.0.0",
     "bare-crypto": "^1.13.4",
     "bare-events": "^2.8.0",
-    "bare-fetch": "^2.5.1",
+    "bare-fetch": "^3.0.1",
     "bare-fs": "^4.5.1",
     "bare-net": "^2.2.0",
     "bare-os": "^3.6.2",
@@ -242,7 +242,7 @@
     "@types/semver": "^7.7.1",
     "@types/tar-stream": "^3.1.4",
     "bare-readline": "^1.2.0",
-    "bare-subprocess": "^5.2.3",
+    "bare-subprocess": "^6.1.0",
     "bare-url": "^2.4.3",
     "brittle": "^3.19.1",
     "chromadb": "^3.0.14",
